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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. Claims 49, 50, 51 and 52 have been added, Claim 25 has been amended and 
Claims 10, 22, 34 and 46 have been canceled. 

Listing of Claims: 

1 . (previously presented) An apparatus comprising: 

a key generator to generate an operating system nub key (OSNK) unique to an 
operating system (OS) nub, the OS nub being part of an operating system to run on a 
secure platform, the OS nub further being associated with a ring hierarchy level; and 

a usage protector coupled to the key generator to protect usage of a subset of a 
software environment using the OSNK. 

2. (original) The apparatus of claim 1 wherein the key generator comprises: 

a combiner to combine an identification of the OS nub and a master binding key 
(BK0) of the secure platform, the combined identification and the BK0 corresponding to 
the OSNK. 

3. (original) The apparatus of claim 2 wherein the identification is a hash 
value of one of the OS nub and a certificate representing the OS nub. 
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4. (original) The apparatus of claim 1 wherein the usage protector 
comprises: 

an encryptor to encrypt the subset of the software environment using the OSNK. 

5. (previously presented) The apparatus of claim 1 wherein the usage 
protector comprises: 

a first encryptor to encrypt a first hash value of the subset of the software 
environment using the OSNK and to store the encrypted first hash value in a storage; 

a second encryptor to encrypt a second hash value of the subset of the software 
environment using the OSNK; and 

a comparator to compare result between the encrypted second hash value and the 
encrypted first hash value retrieved from the storage, the comparison result indicating if 
the subset of the software environment has been modified. 

6. (previously presented) The apparatus of claim 1 wherein the usage protector 
comprises: 

a first encryptor to encrypt a first hash value of the subset of the software 
environment using the OSNK and to store the encrypted first hash value in a storage; 

a decryptor to decrypt the encrypted first hash value using the OSNK; and 
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a comparator to compare a second hash value and the decrypted first hash value 
retrieved from the storage, to determine if the subset of the software environment has 
been modified. 

7. (original) The apparatus of claim 1 wherein the usage protector 
comprises: 

a signature generator to generate a signature of the subset of the software 
environment using a private key; and 

a signature verifier to verify the signature using a public key to protect usage of 
subset if the subset of the software environment has been modified. 

8. (previously presented) The apparatus of claim 1 wherein the usage 
protector comprises: 

a manifest generator to generate a manifest of the subset of the software 
environment, the manifest to describe_the portionof the software environment; 

a signature generator coupled to the manifest generator to generate a manifest 
signature of the manifest using a private key; 

a decryptor to decrypt the private key using the OSNK; 

a signature verifier coupled to the signature generator to verify the manifest 
signature using a public key; and 
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a manifest verifier coupled to the signature verifier to verify the manifest, the 
verified manifest to indicate if the subset of the software environment has been modified. 

9. (previously presented) The apparatus of claim 1 wherein the secure 
platform is to use an isolated execution mode. 

10. (cancel) Th e apparatus of claim 1 wh e r e in th e softwar e environm e nt is 
one of a WINDOWS© operating system, a WINDOWS© 95 op e rating system, a 
WINDOWS® 98 operating system, a WINDOWS NT© operating system, and a 
WINDOWS® 2000 op e rating syst e m . 

1 1 . (original) The apparatus of claim 9 wherein the subset of the software 
environment is a registry of an operating system. 

12. (original) The apparatus of claim 2 wherein the BK0 is generated at 
random on a first invocation of a processor nub. 

13. (previously presented) A method comprising: 

generating an operating system nub key (OSNK) unique to an operating system 
(OS) nub, the OS nub being part of an operating system to run on a secure platform, the 
OS nub further being associated with a ring hierarchy level; and 

protecting usage of a subset of the software environment using the OSNK. 



Page 5 of 23 



Appl. No. 10/327,556 



Attorney Docket : 42390. P1 3925 



Reply to Office action of 7/12/05 



14. (previously presented) The method of claim 13 wherein generating the 
OSNK comprises: 

combining an identification of the OS nub and a master binding key (BKO) of the 
secure platform, the combined identification and the BKO corresponding to the OSNK. 

15. (previously presented) The method of claim 14 wherein the identification 
is a hash value of one of the OS nub and a certificate representing the OS nub. 

16. (previously presented) The method of claim 13 wherein protecting usage 
comprises: 

encrypting the subset of the software environment using the OSNK. 

17. (previously presented) The method of claim 13 wherein protecting usage 
comprises: 

encrypting a first hash value of the subset of the software environment by the 
OSNK and storing the encrypted first hash value in a storage; 

encrypting a second hash value of the subset of the software environment using 
the OSNK; and 

comparing the encrypted second hash value to the encrypted first hash value 
retrieved from the storage, the comparison result indicating if the subset of the software 
environment has been modified. 
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1 8. (previously presented) The method of claim 1 3 wherein protecting usage 
comprises: 

encrypting a first hash value of the subset of the software environment by the 
OSNK and storing the encrypted first hash value in a storage; 

decrypting the encrypted first hash value using the OSNK; and 

comparing a second hash value to the decrypted first hash value retrieved from 
the storage, to determinejf the subset of the software environment has been modified. 

19. (previously presented) The method of claim 13 wherein protecting usage 
comprises: 

generating a signature of the subset of the software environment using a private 
key; and 

verifying the signature using a public key to detect if the subset of the software 
environment has been modified. 

20. (previously presented) The method of claim 13 wherein detecting 
comprises: 

generating a manifest of the subset of the software environment, the manifest 
describing the subset of the software environment; 
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generating a manifest signature of the manifest using a private key, the private 
key being decrypted using the OSNK; 

verifying the encrypted manifest signature using a public key; and 

veri fying the manifest, the verified manifest indicating if the subset of the 
software environment has been modified. 

2 1 . (previously presented) The method of claim 1 3 wherein the secure 
platform uses an isolated execution mode. 

22. (cancel) The method of claim 13 wh e r e in th e softwar e environment is one 
of a WINDOWS® op e rating syst e m, a WINDOWS© 95 operating system, a 
WINDOWS® 98 operating system, a WINDOWS NT© operating system, and a 
WINDOWS® 2000 op e rating syst e m . 

23. (previously presented) The method of claim 21 wherein the subset of the 
software environment is a registry of the operating system. 

24. (original) The method of claim 14, wherein the BK0 is generated at 
random on a first invocation of a processor nub. 

25. (currently amended) A computer program product comprising: 

a comput e r usabl e processor readable medium having computer program code 
embodied therein, the comput e r program product processor readable medium having: 
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tangible computer readable program code for generating an operating system nub 
key (OSNK) unique to an operating system (OS) nub, the OS nub being part of an 
operating system to run on a secure platform, the OS nub further being associated with a 
ring hierarchy level; and 

tangible computer readable program code for protecting usage of a subset of the 
software environment using the OSNK. 

26. (previously presented) The computer program product of claim 25 
wherein the computer readable program code for generating the OSNK comprises: 

computer readable program code for combining an identification of the OS nub 
and a master binding key (BKO) of the secure platform, the combined identification and 
the BKO corresponding to the OSNK. 

27. (previously presented) The computer program product of claim 26 
wherein the identification is a hash value of one of the OS nub and a certificate 
representing the OS nub. 

28. (previously presented) The computer program product of claim 25 
wherein the computer readable program code for protecting usage comprises: 

computer readable program code for encrypting the subset of the software 
environment using the OSNK. 

29. (previously presented) The computer program product of claim 25 
wherein the computer readable program code for protecting usage comprises: 
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computer readable program code for encrypting a first hash value of the subset of 
the software environment using the OSNK, the encrypted first hash value being stored in 
a storage; 

computer readable program code for encrypting a second hash value of the subset 
of the software environment using the OSNK; and 

computer readable program code for comparing the encrypted second hash value 
and the encrypted first hash value retrieved from the storage, the comparison result 
indicating if the subset of the software environment has been modified. 

30. (previously presented) The computer program product of claim 25 
wherein the computer readable program code for protecting usage comprises: 

computer readable program code for encrypting a first hash value of the subset of 
the software environment using the OSNK, the encrypted first hash value being stored in 
a storage; 

computer readable program code for decrypting the encrypted first hash value of 
the subset of the software environment using the OSNK; and 

computer readable program code for comparing the second hash value and the 
decrypted first hash value retrieved from the storage, the comparison result indicating if 
the subset of the software environment has been modified. 

3 1 . (previously presented) The computer program product of claim 25 
wherein the computer readable program code for protecting usage comprises: 
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computer readable program code for generating a signature of the subset of the 
software environment using a private key, the private key being decrypted using the 
OSNK; and 

computer readable program code for verifying the signature using a public key to 
detect if the subset of the software environment has been modified. 

32. (previously presented) The computer program product of claim 25 
wherein the computer readable program code for protecting usage comprises: 

computer readable program code for generating a manifest of the subset of the 
software environment, the manifest to describe the subset of the software environment; 

computer readable program code for generating a manifest signature of the manifest 
using a private key that has been decrypted using the OSNK; 

computer readable program code for verifying the manifest signature using a 
public key; and 

computer readable program code for verifying the manifest, the verified manifest 
indicating if the subset of the software environment has been modified. 

33. (previously presented) The computer program product of claim 25 
wherein the secure platform is to use an isolated execution mode. 
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34. (cancel) Th e computer program product of claim 25 wher e in th e softwar e 
environm e nt is one of a WINDOWS© op e rating system, a WINDOWS© 95 op e rating 
system, a WINDOWS© 98 operating system, a WINDOWS NT© operating system, and 
a WINDOWS® 2000 op e rating system . 

35. (previously presented) The computer program product of claim 33 
wherein the subset of the software environment is a registry of an operating system. 

36. (original) The computer program product of claim 26 wherein the BK0 is 
generated at random on a first invocation of a processor nub. 

37. (previously presented) A system comprising: 
a processor; 

a storage coupled to the processor, the storage storing a subset of a software 
environment; and 

a key generator to generate an operating system nub key (OSNK) unique to an 
operating system (OS) nub, the operating system nub being part of a software 
environment to run on a secure platform, the operating system nub further being 
associated with a ring hierarchy level; 

the usage protector coupled to the key generator to detect a subset of the software 
environment using the OSNK. 
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38. (previously presented) The system of claim 37 wherein the key generator 
comprises: 

a combiner to combine an identification of the operating system nub and a master 
binding key (BKO) of the secure platform, the combined identification and BKO 
corresponding to the OSNK. 

39. (previously presented) The system of claim 38wherein the identification 
is a hash value of one of the OS nub and a certificate representing the OS nub. 

40. (previously presented) The system of claim 37 wherein the usage 
protector comprises: 

an encryptor to encrypt the subset of the software environment using the OSNK. 

41 . (previously presented) The system of claim 37 wherein the usage 
protector comprises: 

an encryptor to encrypt a first hash value of the subset of the software 
environment using the OSNK and to provide the encrypted first hash value to a storage; 
and 

a comparator to compare the encrypted second hash value and the encrypted first 
hash value retrieved from the storage to determine if the subset of the software 
environment has been modified. 
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42. (previously presented) The system of claim 37 wherein the usage 
protector comprises: 

an encryptor to encrypt a first hash value of the subset of the software 
environment using the OSNK and to store the encrypted first hash value in a storage; and 

a comparator to compare the second hash value and the decrypted first hash value 
retrieved from the storage to determine if the subset of the software environment has been 
modified. 

43. (previously presented) The system of claim 37 wherein the usage protector 
comprises: 

a signature generator to generate a signature of the subset of the software 
environment using a private key and to decrypt the private key_using the OSNK; and 

a signature verifier to verify the encrypted signature using a public key to detect if 
the subset of the software environment has been modified. 

44. (previously presented) The system of claim 37 wherein the usage 
protector comprises: 

a manifest generator to generate a manifest of the subset of the OS, the manifest 
to describe the portion of the software environment; 
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a signature generator coupled to the manifest generator to generate a manifest 
signature of the manifest using a private key and to decrypt the private key using the 
OSNK; 

a signature verifier coupled to the encryptor to verify the encrypted manifest 
signature using a public key; and a manifest verifier coupled to the signature verifier to 
verify the manifest to indicatejf the subset of the software environment has been 
modified. 

45. (previously presented) The system of claim 37 wherein the secure 
platform is to use an isolated execution mode. 

46. (cancel) The system of claim 37 wherein the softwar e environment is one 
of a WINDOWS® operating system, a WINDOWS© 95 op e rating system, a 
WINDOWS® 98 operating system, a WINDOWS NT© operating system, and a 
WINDOWS© 2000 op e rating system . 

47. (previously presented) The system of claim 45 wherein the subset of the 
software environment is a registry of an operating system. 

48. (original) The system of claim 38 wherein the BK0 is generated at 
random on a first invocation of a processor nub. 

49. (new) The apparatus of claim 1 wherein the OS nub is associated with one 
of a plurality of three or more ring hierarchy levels. 
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50. (new) The method of claim 13 wherein the OS nub is associated with one 
of a plurality of three or more ring hierarchy levels. 

51. (new) The computer program product of claim 25 wherein the OS nub is 
associated with one of a plurality of three or more ring hierarchy levels. 

52. (new) The system of claim 37 wherein the operating system .nub is 
associated with one of a plurality of three or more ring hierarchy levels. 
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